Sample DPO Service Agreement

This document serves as a starting point for organizations considering the engagement of an external DPO.


Published: July 2018


Click to View (PDF)

Now that the GDPR is in effect, many organizations need data protection officers. However, not all organizations can or need to staff the DPO role in-house — and the regulation does not require organizations to do so; Article 37(6) allows for the data protection officer role to be filled using a service contract. But what should a DPO service contract look like?.

The IAPP offers this sample document as a starting point for organizations considering the engagement of an external DPO.